it_gsr
 asked on

How to Remove TR/Dropper.Gen Virus

Hello,

I realised that my file server shares have all vanished. Checks revealed that the folders have become hidden and read-only, and replacement exes with the same names as the folders are now available instead.

My reading around indicates this is a Dropper virus or trojan. My antivirus program, Avira, could not detect this virus.

I would like a step-by-step manual way of removing this virus and restoring the files and folders on my server to their original status.
Anti-Virus Apps, Windows Server 2003, Anti-Spyware

Last Comment
Mohammed Hamada

8/22/2022 - Mon
Mohammed Hamada

Please check this link; edit the registry at your own risk.
http://www.ehow.com/how_7308616_remove-tr_dropper-virus.html
mi3er

Hm, interesting. Maybe it's a new modification. http://www.avira.com/en/support-threats-description/tid/3647/tr_dropper.gen.html Is your Avira updated?
Try this cleaner. It doesn't require installation: http://www.freedrweb.com/download+cureit/
ASKER CERTIFIED SOLUTION
Sudeep Sharma

THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
it_gsr

ASKER
Sudeep

Followed the instructions and these are the logs.

I am yet to run step 3.

I notice that not long after the folders are unhidden by RogueKiller, the problem resurfaces. I assume it could be a user re-infecting the system.

Any way I can prevent reinfections?
RKreport-2--SC-01042013-02d0847.txt
mbam-log-2013-01-04--09-13-06-.txt
RKreport-1--S-01042013-02d0825.txt
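
A read-only audit for the symptom described in the question (a folder with a same-named .exe beside it), which can be run on a schedule to spot the reinfection mentioned in the follow-up. This is an added example, not part of the original thread; the function name and the share path passed on the command line are assumptions, and the script only reports, it does not delete or unhide anything.

```python
import os
import stat
import sys


def find_decoy_pairs(root):
    """Return (folder, exe, hidden, readonly) for every folder under root
    that has a same-named .exe sitting next to it."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        # Windows file names are case-insensitive, so compare lower-cased.
        exes = {os.path.splitext(f)[0].lower(): f
                for f in filenames if f.lower().endswith(".exe")}
        for d in dirnames:
            exe = exes.get(d.lower())
            if exe is None:
                continue
            folder = os.path.join(dirpath, d)
            st = os.stat(folder)
            # st_file_attributes exists only on Windows; None means "unknown".
            attrs = getattr(st, "st_file_attributes", None)
            hidden = None if attrs is None else bool(
                attrs & stat.FILE_ATTRIBUTE_HIDDEN)
            readonly = None if attrs is None else bool(
                attrs & stat.FILE_ATTRIBUTE_READONLY)
            findings.append((folder, os.path.join(dirpath, exe),
                             hidden, readonly))
    return sorted(findings)


if __name__ == "__main__":
    # Assumed usage: python audit_share.py D:\Shares
    share = sys.argv[1] if len(sys.argv) > 1 else "."
    results = find_decoy_pairs(share)
    for folder, exe, hidden, readonly in results:
        print("SUSPECT: %s (hidden=%s, readonly=%s) shadowed by %s"
              % (folder, hidden, readonly, exe))
    # Non-zero exit lets a scheduled task or monitoring job raise an alert.
    sys.exit(1 if results else 0)
```

A folder reported with hidden=True is the strongest match for the behaviour described above; a pair with hidden=False can be a legitimate layout and needs a manual look.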
Mohammed Hamada

Get a decent antivirus or internet security suite. I'm using Kaspersky Internet Security and haven't had any virus at all, even though I visit some infected sites intentionally, but Kaspersky even checks the websites that you visit for infection, and also downloads, even if they are compressed in ZIP format.

Also, you may want to set your server behind a strict firewall, like Cisco or SonicWALL for hardware, or pfSense, Untangle or iptables for software firewalls.

I'm using pfSense over 25 servers with an IP blocker for spammers and Snort for network intrusion detection.

If you just have one server then you can set it for both your server and clients as well.